The California Senate has approved a strict data breach law that allows customers and non-customers alike to sue third-party data brokers for damages caused by a breach. The bill will allow damages of $1K per breach or monetary damages – whichever is greater. This bill is a reaction to recent breaches such as the Equifax breach, but I think it goes too far by allowing those who aren’t customers to sue. How can they claim damages? Regardless, something needs to be done to companies that fail to protect customer data.
Like all bills passed in a final-week voting frenzy, “SB-1121 Personal Information,” by Senator Bill Dodd, now goes to the state assembly, where it must pass or fail by August 31. If the bill succeeds, Democratic Governor Jerry Brown would then have 30 days to sign or veto it.
Source: [H]ardOCP – California’s Strict Data Breach Law Moves Forward